CVE-2023-46731 Remote code execution through the section parameter in Administration as guest in XWiki Platform

🗓️ 06 Nov 2023 18:47:49Reported by GitHub_MType

Remote code execution vulnerability in XWiki Platfor

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the XWiki Platform, related to improper code generation management, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.	14 Feb 202400:00	–	bdu_fstec
Circl	CVE-2023-46731	6 Nov 202322:25	–	circl
CNNVD	XWiki Platform Security Vulnerability	6 Nov 202300:00	–	cnnvd
CVE	CVE-2023-46731	6 Nov 202318:47	–	cve
Github Security Blog	XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest	8 Nov 202314:51	–	github
NVD	CVE-2023-46731	6 Nov 202319:15	–	nvd
OpenVAS	XWiki < 14.10.14, 15.0-rc-1 < 15.5.1 RCE Vulnerability (GHSA-62pr-qqf7-hh89)	16 Nov 202300:00	–	openvas
OSV	CVE-2023-46731 Remote code execution through the section parameter in Administration as guest in XWiki Platform	6 Nov 202318:47	–	osv
OSV	GHSA-62PR-QQF7-HH89 XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest	8 Nov 202314:51	–	osv
Prion	Code injection	6 Nov 202319:15	–	prion

[
  {
    "vendor": "xwiki",
    "product": "xwiki-platform",
    "versions": [
      {
        "version": "org.xwiki.platform:xwiki-platform-administration : < 14.10.14",
        "status": "affected"
      },
      {
        "version": "org.xwiki.platform:xwiki-platform-administration-ui: < 14.10.14",
        "status": "affected"
      },
      {
        "version": "org.xwiki.platform:xwiki-platform-administration-ui: >= 15.0-rc-1, < 15.5.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
jira	www.jira.xwiki.org/browse/XWIKI-21110
github	www.github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a
github	www.github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89

06 Nov 2023 18:47Current

9.6High risk

Vulners AI Score9.6

CVSS 3.110

EPSS0.88534